sap

1,577 tracked vulnerabilities.

CVE-2018-2455 HIGH
SAP Enterprise Financial Services 6.05, 6.06, 6.16, 6.17, 6.18, 8.0 - Authenticated Privilege Escalation
Sep 11, 2018
CVSS 8.8
EPSS 0.01
CVE-2018-2454 HIGH
SAP Enterprise Financial Services 6.05, 6.06, 6.16, 6.17, 6.18, 8.0 - Authenticated Privilege Escalation
Sep 11, 2018
CVSS 8.8
EPSS 0.01
CVE-2018-2452 MEDIUM
SAP NetWeaver AS Java 7.10-7.11, 7.20, 7.30-7.31, 7.40, 7.50 - Cross-Site Scripting in Logon Application
Sep 11, 2018
CVSS 6.1
EPSS 0.01
CVE-2018-2451 MEDIUM
SAP HANA Extended Application Services - Insufficient Session Expiration
Aug 14, 2018
CVSS 6.6
EPSS 0.01
CVE-2018-2450 HIGH
SAP MaxDB 7.8-7.9 - Authenticated SQL Injection
Aug 14, 2018
CVSS 7.2
EPSS 0.02
CVE-2018-2449 HIGH
SAP SRM MDM Catalog 3.73, 7.31, 7.32 - Unauthenticated Improper Authentication in Import Functionality
Aug 14, 2018
CVSS 8.6
EPSS 0.02
CVE-2018-2448 MEDIUM
SAP SRM-MDM Catalog 3.0, 7.01, 7.02 - Information Disclosure of User Existence
Aug 14, 2018
CVSS 5.3
EPSS 0.01
CVE-2018-2447 MEDIUM
SAP BusinessObjects Business Intelligence 4.2 - SQL Injection via Crafted InfoObject Queries
Aug 14, 2018
CVSS 6.5
EPSS 0.01
CVE-2018-2446 HIGH
SAP BusinessObjects Business Intelligence 4.1 4.2 - Unauthenticated Information Disclosure
Aug 14, 2018
CVSS 7.5
EPSS 0.02
CVE-2018-2445 CRITICAL
SAP BusinessObjects Business Intelligence 4.1, 4.2 - Server-Side Request Forgery
Aug 14, 2018
CVSS 9.6
EPSS 0.01
CVE-2018-2444 MEDIUM
SAP BusinessObjects Financial Consolidation 10.0 10.1 - Cross-Site Scripting
Aug 14, 2018
CVSS 6.1
EPSS 0.01
CVE-2018-2442 HIGH
SAP BusinessObjects Business Intelligence 4.0-4.2 - Cross-Site Request Forgery
Aug 14, 2018
CVSS 8.8
EPSS 0.01
CVE-2018-2441 MEDIUM
SAP Kernel 7.21-7.22, 7.21EXT-7.22EXT, 7.45, 7.49, 7.53, 7.73 - Information Disclosure in Change and Transport System
Aug 14, 2018
CVSS 5.5
EPSS 0.01
CVE-2018-2440 MEDIUM
SAP Dynamic Authorization Management - Sensitive Information Exposure in Application Logs
Jul 10, 2018
CVSS 4.4
EPSS 0.00
CVE-2018-2439 MEDIUM
SAP Internet Graphics Server 7.20, 7.20EXT, 7.45, 7.49, 7.53 - Denial of Service via Malformed Data Packet
Jul 10, 2018
CVSS 5.9
EPSS 0.02
CVE-2018-2438 HIGH
SAP Internet Graphics Server 7.20 7.20EXT 7.45 7.49 7.53 - Denial of Service
Jul 10, 2018
CVSS 7.5
EPSS 0.02
CVE-2018-2437 CRITICAL
SAP Internet Graphics Service 7.20 7.20EXT 7.45 7.49 7.53 - Remote Code Execution
Jul 10, 2018
CVSS 9.1
EPSS 0.03
CVE-2018-2436 HIGH
SAP R/3 Enterprise Retail - Missing Authorization in WRCK Transaction
Jul 10, 2018
CVSS 8.8
EPSS 0.01
CVE-2018-2435 MEDIUM
SAP NetWeaver Enterprise Portal 7.0-7.02, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50 - Cross-Site Scripting
Jul 10, 2018
CVSS 6.1
EPSS 0.01
CVE-2018-2434 MEDIUM
SAP NetWeaver UI Add-on and SAP UI Implementation - Content Spoofing via HTML Page Rendering
Jul 10, 2018
CVSS 4.3
EPSS 0.01
CVE-2018-2433 HIGH
SAP Kernel 7.21-7.22, 7.21EXT-7.22EXT, 7.45, 7.49, 7.53 - Denial of Service
Jul 10, 2018
CVSS 7.5
EPSS 0.01
CVE-2018-2432 MEDIUM
SAP BusinessObjects Business Intelligence 4.10-4.30 - Cross-Site Scripting via HTTP Response Header
Jul 10, 2018
CVSS 5.4
EPSS 0.01
CVE-2018-2431 MEDIUM
SAP BusinessObjects Business Intelligence Suite 4.10 and 4.20 - Cross-Site Scripting
Jul 10, 2018
CVSS 6.1
EPSS 0.01
CVE-2018-2427 HIGH
SAP BusinessObjects Business Intelligence Suite 4.10-4.20 - Code Injection
Jul 10, 2018
CVSS 8.8
EPSS 0.02
CVE-2018-2428 MEDIUM
SAP UI5 Handler - Information Disclosure
Jun 12, 2018
CVSS 5.3
EPSS 0.02